Submitted unopposed and signed by Governor Jerry Brown on the last week of June 2018, the bill requires companies to disclose the personal information gathered on its customers and the reason for the collection. Third-party agencies and related or affiliated companies to whom data will be sold or shared should be identified and known to the consumers as well. Companies are expected to still provide the same quality of service even if consumers choose to delete or withhold their information, though companies may charge higher fees in such situations. The regulation also imposes more restrictions on the acquisition and exchange of personal data of children younger than 16 years old, makes it easier for consumers to sue companies in the event of a data breach, and authorizes the attorney general to penalize enterprises who don’t comply.
California’s data privacy law is not as expansive as the European Union’s General Data Protection Regulation (GDPR) — currently heralded as the most comprehensive data protection regulation in the world — and further revisions are expected to shape the final version of the law before it takes effect in 2020. As California is home to a number of technology and telecommunications companies, other lawmakers, tech companies, lobby groups, and advocates are already expressing their concerns on the possible amendments that can be made. Policymakers observed how, as with the GDPR, data regulation policy affects more than the digital sector of the economy, and public discussions have begun on how there can be more businesses who opt in than opt out.